To accomplish password change on first login, i'd create an additional field on the user's profile, and then when they login - check the field. If it's set, redirect to a change password page. Changing the password changes the value of the field
so the user isn't redirected the next time they login.
As for redirecting the user, you could do it pretty easily by creating a web part that gets added to the home page. Then every time the user hits the home page, the web part code would be run that would redirect them if their profile field is set.
You could do the same thing by adding a custom control to the master page - then the code would run anytime any page is loaded.
If you want to add the code to just the login page and are having issues, you could use reflector or ilspy to find out what's happening in the code behind and adapt your changes to that.
thanks. Is there any issue in using Global.asax to check for field instead of creating a web part?
so create an additional colum like "IsPasswordChanged" in the Profile table? how does this field gets updated automatically upon password change? can i use the existing API to accomplish all this or do i need to write a seperate sql query
etc?
You can look at the code for saving the user's fullname field - that is only stored in the SharePoint user profile - it is not on the membership database.
That should be all you need if all of the user management will be in a single site collection. If it will be spread across multiple site collections, then you may want to consider using the membership profile provider to add the field to the database.
I've added some additional fields to the User Information List. I'm
trying to find the class and method where you save the user's information during the Request Access page. Can you point me in the right direction.